An apparatus and method by which a user or cardholder can be given an Electronic-Commerce PIN that bears no discernible relation to the ATM PIN, but from which the ATM PIN can be cryptographically determined using the cardholder's account number and an issuer-unique “conversion” secret key. The intent is that the Maestro Master Debit Switch, or else the Member Interface Processor, whichever is appropriate to a given issuer, can “convert” an Electronic-Commerce PIN to an ATM PIN, so that the member, by verifying the ATM PIN, is in effect verifying the Electronic-Commerce PIN. If the Electronic-Commerce PIN is entered incorrectly, it will convert into an incorrect ATM PIN. Thus the member's EDP facility need not deal with two PINs, yet the ATM PIN is not exposed to possible compromise in PCs or other electronic-commerce equipment. The suggested approach ensures that any disclosure of the Electronic-Commerce PIN does not disclose the ATM PIN.
10. A system for generating identification data comprising:
a first computer selecting an atm pin from a plurality of atm pins,
a first computer selecting an account number corresponding to the selected atm pin,
a first computer selecting a bin corresponding to the selected account number;
a first computer selecting a key corresponding to the bin;
a first computer generating an electronic commerce pin using the selected key, the atm pin and the account number;
a first computer receiving the electronic commerce pin and transaction information corresponding to the electronic commerce pin from a second computer;
a first computer selecting a conversion key based on said transaction information;
a first computer deriving the atm pin using the conversion key, the electronic commerce pin and the account number;
a first computer verifying the atm pin;
a first computer encrypting the derived atm pin and transmitting the encrypted atm pin and the transaction information to a third computer specific to the selected bin.
1. A method for generating identification data comprising:
selecting by a first computer an atm pin from a plurality of atm pins;
selecting by the first computer an account number corresponding to the selected atm pin;
selecting by the first computer a bin corresponding to the selected account number;
selecting by the first computer a key corresponding to the bin;
generating by the first computer an electronic commerce pin using the selected key, the atm pin and the account number;
receiving the electronic commerce pin and transaction information corresponding to the electronic commerce pin from a second computer;
selecting a conversion key by the first computer based on said transaction information;
deriving the atm pin by the first computer using the conversion key, the electronic commerce pin and the account number;
verifying the atm pin by the first computer;
encrypting the derived atm pin by the first computer and transmitting the encrypted atm pin and the transaction information to a third computer specific to the selected bin.
18. A system for generating identification data comprising:
a memory on a first computer;
a processor on said first computer in communication with the memory;
a computer readable medium on said first computer in communication with the processor and storing instructions which, when executed, cause the processor to perform the steps of:
selecting an atm pin from a plurality of atm pins,
selecting an account number corresponding to the selected atm pin,
selecting a bin corresponding to the selected account number;
selecting a key corresponding to the bin;
generating an electronic commerce pin using the selected key, the atm pin and the account number;
receiving the electronic commerce pin and transaction information corresponding to the electronic commerce pin from a second computer;
selecting a conversion key based on said transaction information;
deriving the atm pin using the conversion key, the electronic commerce pin and the account number;
verifying the atm pin by the first computer;
encrypting the derived atm pin and transmitting the encrypted atm pin and the transaction information to a third computer specific to the selected bin.
2. The method of
conversion key derivation data and a
conversion key derivation key.
3. The method of
4. The method of
and wherein at least one cryptographic operation using a secret key is performed to cryptographically process said conversion key derivation data to produce the conversion key.
5. The method of
accessing cryptographically-computed data; and
performing an operation upon the atm pin and the cryptographically-computed data.
6. The method of
7. The method of
8. The method of
9. The method of
11. The system of
conversion key derivation data and a
conversion key derivation key.
12. The system of
13. The system of
and wherein at least one cryptographic operation using a secret key is performed to cryptographically process said conversion key derivation data to produce the conversion key.
14. The system of
15. The system of
16. The system of
17. The system of
19. The system of
conversion key derivation data and a
conversion key derivation key.
20. The system of
21. The system of
and wherein at least one cryptographic operation using a secret key is performed to cryptographically process said conversion key derivation data to produce the conversion key.
22. The system of
23. The system of
24. The system of
25. The system of
This application claims priority to U.S. Provisional Patent Application entitled “An Electronic-Commerce PIN Cryptographically Related to an ATM PIN,” Ser. No. 60/100,982, which was filed on Sep. 18, 1998.
The invention relates generally to the field of information security, and more particularly to an apparatus and method for generating a password such as a personal identification number (PIN) which can be used over an electronic communications network such as the Internet in connection with conducting financial transactions (“Electronic Commerce”).
Electronic Commerce (e-commerce) is growing at an incredible rate. With the ever expanding popularity of electronic networks such as the Internet, companies and individuals are seeking ways to efficiently use such networks as a medium for conducting business. While e-commerce is steadily growing in popularity, a potential impediment to realizing Electronic Commerce's full potential resides in a perception that financial information which is required to perform a transaction, such as credit card account data and debit card personal identification numbers and the like, is subject to interception and misuse by unauthorized third parties when transmitted over an open network such as the Internet.
In general, to process payment information over a network, a personal identification number (“PIN”) can be used to verify that the sender of payment information is the person or entity authorized to use the payment information. For example, if a customer is using a debit card or other electronic account access to purchase goods and services on the Internet, the payment information can include a PIN which will be checked by the debit card issuer's processing center. If the PIN is valid, the transaction will proceed pending other verifications. If the PIN is invalid, the customer will be asked to retransmit the payment information with the correct PIN. If the correct PIN is not entered after a predetermined number of times, the transaction will be denied. While using a credit card over a network currently does not typically involve the use of a PIN, the verification technique of a PIN could be used with credit cards or electronic cash cards.
Additional information regarding the secure use of PINs in Electronic Commerce can be found in U.S. patent application entitled “Asymmetric Encrypted PIN,” Ser. No. 09/321,977, filed on May 28, 1999, which is hereby incorporated by reference.
In some cases, the Electronic-Commerce PIN (i.e., the PIN used to purchase goods and services over a network) can be identical, or similar, to the customer's automatic teller machine (“ATM”) PIN. However, Electronic Commerce is sometimes transacted over networks which are less secure than ATMs, and because the ATM PIN prevents the unauthorized use of the card or account information in the case of a lost or stolen card, ATM PIN information must be treated very securely. Accordingly, for non-ATM transactions such as those related to Electronic Commerce, it is desirable to avoid using the ATM PIN, especially if the non-ATM transactions are being performed within an environment or machine which is less secure than an ATM.
Accordingly, it is an object of the invention to provide a password such as an Electronic-Commerce PIN for use in financial transactions, such that the password is different from the ATM PIN and an unauthorized party would be prevented from deducing the ATM PIN from the Electronic-Commerce PIN, but an authorized party knowing a secret key can recover the ATM PIN from the Electronic-Commerce PIN (e.g., the Electronic-Commerce PIN is a reversible encrypted version of the ATM PIN).
In accordance with the invention, a mathematical operation is performed upon an ATM PIN and a cryptographically-generated number, thereby generating an Electronic-Commerce PIN.
The cryptographically-generated number can be generated by performing an encryption and/or decryption procedure upon, e.g., a number such as an account number, using a conversion key. The conversion key can be associated with a card issuer, and can be generated by, e.g., performing an encryption and/or decryption procedure upon a bank identification number (BIN) using a conversion key derivation key.
It may be necessary to convey a conversion key from one institution to another, desirably in encrypted form. When this is done, it may be desirable to transmit with the conversion key a non-secret “key check value”, so that the recipient of the key can confirm that the key was not garbled during transmission or decryption. The originator of the key can generate the key-check value by encrypting, under the key, a non-secret value known to the recipient and using a portion of the resulting ciphertext as the key-check value.
When, in the course of performing a transaction, a user inputs a number purported to be the Electronic-Commerce PIN, a cryptographic process based on the conversion key can be used to transform this Electronic Commerce PIN (if inputted correctly) into the ATM PIN for re-encryption and transmission to the issuer, so that the issuer can use its current PIN verification methodology to verify the inputted PIN. This cryptographic transformation (from Electronic-Commerce PIN to ATM PIN) in general uses an account-unique number, most likely the account number.
Further objects, features, and advantages of the invention will become apparent from the following detailed description taken in conjunction with the accompanying figures showing illustrative embodiments of the invention.
The invention is explained in greater detail below by reference to the drawings, in which:
In accordance with the invention, an Electronic-Commerce PIN can be generated by performing a cryptographic operation upon an ATM PIN. The operation can include cryptographically generating a number by encrypting a number such as an account number, and then computing the sum or the difference of the ATM PIN and the cryptographically-generated number. When the Electronic-Commerce PIN is subsequently submitted by a customer in order to perform a transaction (e.g., purchase goods or services), the ATM PIN can be recovered by applying the inverse operation with the same cryptographically-generated number: subtracting it from the Electronic-Commerce PIN if the Electronic-Commerce PIN was originally generated as a sum, or adding it if the Electronic-Commerce PIN was originally generated as a difference.
The cryptographic operation discussed above can be, for example, a symmetric encryption. Symmetric encryption uses a secret key as part of a mathematical formula which encrypts data by transforming the data using the formula and key. After the data is encrypted, another party can decrypt the data using the same secret key with a related decryption algorithm. Because the same key is used for both encryption and decryption, the technique is said to be symmetric. A conventional example of a symmetric encryption algorithm is the NIST Data Encryption Standard (DES).
A more secure form of DES encryption uses two keys. In this technique, called (two-key) triple DES, data is first encrypted with symmetric key A, then decrypted with symmetric key B (which, since B is a different key, further scrambles the data), and then encrypted again with key A. At the destination, the data is decrypted with key A, encrypted with key B, and decrypted with key A. These extra steps make the technique more secure because an exhaustive search of the combined 112-bit key space is impractical, whereas the 56-bit key of single DES can be found by exhaustive search.
Another encryption technique which can be used in connection with the invention is the Advanced Encryption Standard (AES), which uses a 128-bit, 192-bit or 256-bit key (two-key triple DES has an effective key length of 112 bits).
Generation of the “Conversion Key”
In accordance with an advantageous embodiment of the invention, a message switching system, in this example the “Maestro Master Debit Switch” (MDS) operated under MasterCard's “Maestro” point-of-sale debit program, creates within its “host security module” (a physically secure device) a “Conversion Key Derivation Key” that is unknown to any person. This key should be kept highly secure, since its compromise would disclose the Conversion Keys of all issuers, and it should be a double-length key if DES is the encryption algorithm.
For each of an issuer's bank identification numbers (“BINs”) a unique double-length Conversion Key can be computed, within the security module of the MDS, by the following exemplary Conversion Key generation procedure, illustrated in
If a key-check value is desired on the just-generated Conversion Key, it can be produced by the following exemplary procedure, illustrated in
The Conversion Key (and its key-check value), along with the associated BIN, can then optionally be conveyed by secure means to the issuer, if it is desirable for the issuer, rather than the Maestro Master Debit Switch, to produce the Electronic-Commerce PINs. It is preferable to encrypt the Conversion Key under a double-length key for such conveyance, and if the Conversion Key is stored by the issuer, it is preferable to encrypt the Conversion Key under a double-length key, such that the cleartext Conversion Key is available only within the host security modules of the MDS and the issuer.
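The Conversion Key generation, key-check value and encrypted conveyance described in this section (and in the summary above), as an added example written for this page; it is not the patent's own procedure from the figures, which the page does not reproduce. It uses two-key triple DES from Go's standard library, as the text calls for double-length DES keys. Assumptions not stated in the text: the derivation-data layout (the six ASCII digits of the BIN, zero padded to one DES block, with the last byte selecting the left or right key half), an all-zero block as the non-secret value encrypted for the key-check value, ECB wrapping of each key half under a key-encrypting key for conveyance, and the sample key values, which are constructed here.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
)

// Key is a double-length (two-key) triple-DES key, 16 bytes, as the text requires here.
type Key [16]byte

// tdes builds a two-key triple-DES cipher (encrypt K1, decrypt K2, encrypt K1) by handing Go the
// 24-byte key K1||K2||K1; the only possible error is a wrong length, which the Key type rules out.
func tdes(k Key) cipher.Block {
	c, _ := des.NewTripleDESCipher(append(append(make([]byte, 0, 24), k[:]...), k[:8]...))
	return c
}

// oddParity sets the low bit of every byte so each byte has odd parity, the DES key convention.
func oddParity(k Key) Key {
	for i, b := range k {
		b &^= 1
		if bits.OnesCount8(b)%2 == 0 {
			b |= 1
		}
		k[i] = b
	}
	return k
}

// DeriveConversionKey computes the issuer-unique Conversion Key for one BIN by encrypting the BIN
// under the Conversion Key Derivation Key. The page fixes no block layout, so the assumption here
// is: the six ASCII digits of the BIN zero padded to 8 bytes, last byte 0x00 for the left half of
// the double-length key and 0x01 for the right half.
func DeriveConversionKey(ckdk Key, bin string) (Key, error) {
	if len(bin) != 6 || strings.Trim(bin, "0123456789") != "" {
		return Key{}, fmt.Errorf("BIN must be 6 decimal digits, got %q", bin)
	}
	var ck Key
	for half := 0; half < 2; half++ {
		var data [8]byte
		copy(data[:], bin)
		data[7] = byte(half)
		tdes(ckdk).Encrypt(ck[half*8:half*8+8], data[:])
	}
	return oddParity(ck), nil
}

// KeyCheckValue encrypts an all-zero block under the key and returns the first three bytes in hex,
// the customary non-secret value a recipient recomputes to confirm the key arrived intact.
func KeyCheckValue(k Key) string {
	var zero, out [8]byte
	tdes(k).Encrypt(out[:], zero[:])
	return hex.EncodeToString(out[:3])
}

// WrapKey encrypts a Conversion Key under a double-length key-encrypting key for conveyance to the
// issuer, one 8-byte half at a time (ECB, as legacy EFT key exchange did); UnwrapKey reverses it.
func WrapKey(kek, k Key) [16]byte {
	c := tdes(kek)
	var out [16]byte
	c.Encrypt(out[:8], k[:8])
	c.Encrypt(out[8:], k[8:])
	return out
}

func UnwrapKey(kek Key, wrapped [16]byte) Key {
	c := tdes(kek)
	var k Key
	c.Decrypt(k[:8], wrapped[:8])
	c.Decrypt(k[8:], wrapped[8:])
	return k
}

// ReceiveKey is the issuer-side check: unwrap, then compare the key-check value sent with the key,
// so a garbled transfer or a wrong key-encrypting key is caught before the key is ever used.
func ReceiveKey(kek Key, wrapped [16]byte, kcv string) (Key, error) {
	k := UnwrapKey(kek, wrapped)
	if got := KeyCheckValue(k); got != kcv {
		return Key{}, fmt.Errorf("key check value mismatch: got %s, want %s", got, kcv)
	}
	return k, nil
}

func main() {
	// Constructed sample keys; a real CKDK is generated inside the HSM and never leaves it.
	ckdk := oddParity(Key{0x13, 0x57, 0x9b, 0xdf, 0x02, 0x46, 0x8a, 0xce, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88})
	kek := oddParity(Key{0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6, 0x07, 0x18, 0x29, 0x3a, 0x4b, 0x5c, 0x6d, 0x7e, 0x8f, 0x90})
	ck, _ := DeriveConversionKey(ckdk, "560123")
	kcv := KeyCheckValue(ck)
	wrapped := WrapKey(kek, ck)
	_, err := ReceiveKey(kek, wrapped, kcv)
	fmt.Println("BIN 560123: Conversion Key with KCV", kcv, "accepted:", err == nil)
	wrapped[3] ^= 0x80 // one bit garbled in transit
	_, err = ReceiveKey(kek, wrapped, kcv)
	fmt.Println("garbled transfer:", err)
}
```

The key-check value is deliberately short (24 bits) so that it reveals nothing useful about the key while still catching transmission or decryption errors; it is a check on integrity, not a proof of the key's origin, which in practice comes from the secure channel over which the wrapped key travels.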
Generation of The Electronic-Commerce Pin
The Electronic-Commerce PIN for each participating cardholder can be generated either by the issuer itself, or by the Maestro Master Debit Switch as, e.g., a service to the issuer. The cleartext ATM PIN should be available to this process, which is preferably performed within a host security module.
Generation by the Issuer
When the Electronic-Commerce PIN is generated by the issuer itself, the issuer can use the following exemplary procedure, illustrated in
The Electronic-Commerce PIN can then be conveyed to the cardholder by secure means, such as a PIN mailer.
Generation by the Master Debit Switch
When the Electronic-Commerce PIN is generated by the MDS rather than by the issuer, the MDS should have access to both the account number and the cleartext PIN. Presumably a copy of the issuer's entire PIN data base can be transferred to the MDS, though it is preferably transferred and stored encrypted under a securely-managed double-length key.
When the MDS is to generate an Electronic-Commerce PIN from an ATM PIN for a given account, it examines the account number and determines the account number's BIN from its BIN tables. Using the BIN, and the Conversion Key Derivation Key which the MDS holds within its host security module, the MDS generates a Conversion Key appropriate to this BIN, using the Conversion Key generation procedure described above and shown in
Again, the Electronic-Commerce PIN is preferably conveyed to the cardholder in a PIN mailer or by equivalently secure means. When printed within such a document, the printer is preferably connected directly to the MDS's host security module.
PIN Conversion
For those transactions that pass through the MDS, conversion from the Electronic-Commerce PIN to the ATM PIN can be performed at this switch. In some areas of the world, however, a distributed network, rather than a “star” network, is commonly used, and each “member” (i.e., institution, such as a bank, which offers card products associated with the aforementioned network) may have its own processor (hereinafter, “Member Interface Processor”) in its Electronic Data Processing (“EDP”) facility. In such areas a transaction does not necessarily pass through the MDS, but instead may be directly transmitted from the Member Interface Processor of the “acquirer” (i.e., the bank or financial institution of the merchant) to the Member Interface Processor of the issuer. In this situation the PIN conversion generally occurs within the issuer's Member Interface Processor.
PIN Conversion in the Master Debit Switch
When the MDS receives an electronic-commerce transaction it first determines the associated BIN from the transaction's account number using its BIN table. It then provides the BIN and the account number to its host security module. In addition, an unverified Electronic-Commerce PIN would normally be received in encrypted form in an electronic-commerce transaction, and the MDS can provide the encrypted, unverified Electronic-Commerce PIN to the host security module. The module can then perform the following exemplary PIN Conversion procedure, illustrated in
Pin Conversion in the Member-Interface Processor
When the transaction is delivered to a Member Interface Processor at the issuer's facility, this processor makes the conversion from Electronic-Commerce PIN to ATM PIN. The Member Interface Processor contains a form of security module, and this module is able to decrypt and re-encrypt PINs. This module can also perform the conversion from Electronic-Commerce PIN to ATM PIN.
In this case, the Conversion Key is not derived by the Member Interface Processor, but rather the Conversion Keys appropriate to the member's BINs can be made available within the security-module portion of this processor. In this example, the keys originate with the MDS, and those appropriate to a given Member Interface Processor can be transferred from the MDS to this processor by secure means prior to the first use of the Member Interface Processor for PIN conversion. Thus, the Conversion Key appropriate to the current transaction can be selected by the Member Interface Processor from these available keys, based on the BIN of the current transaction. In this way the compromise of one Member Interface Processor would not disclose the Conversion Keys of any other members.
After the appropriate Conversion Key has been selected, steps 402 through 409 of the above-described PIN conversion process are performed (except that in Step 403 “derived Conversion Key” is replaced with “selected Conversion Key”). The Member Interface Processor then appropriately encrypts the sixth PIN conversion result and forwards it to the member's EDP system for verification (which entails comparing the sixth PIN conversion result to the correct ATM PIN), just as if the transaction had originated at an ATM or point-of-sale (POS) terminal.
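The Electronic-Commerce PIN generation described earlier (a sum or difference of the ATM PIN and a number obtained by encrypting the account number) together with the PIN conversion just described, as one added example written for this page; it is not the patent's figure procedure (steps 402 through 409 are not reproduced on the page) and the function names are this example's own. Assumptions not in the text: mod-10 digit arithmetic for the sum and difference so the result stays a PIN of the same length, the rightmost 16 account digits packed as BCD as the block encrypted under the Conversion Key, a simplified layout for the encrypted PIN block in transit, and constructed sample keys and card data.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// Key is a double-length (two-key) triple-DES key, 16 bytes.
type Key [16]byte

// tdes builds a two-key triple-DES cipher from K1||K2 by handing Go the 24-byte key K1||K2||K1;
// the only possible error is a wrong length, which the Key type rules out.
func tdes(k Key) cipher.Block {
	c, _ := des.NewTripleDESCipher(append(append(make([]byte, 0, 24), k[:]...), k[:8]...))
	return c
}

func digits(s string) bool { return s != "" && strings.Trim(s, "0123456789") == "" }

// offsetPIN is the core of the scheme: the rightmost 16 account digits, packed BCD (an assumption,
// the page fixes no layout), are encrypted under the Conversion Key, the ciphertext is decimalised
// (hex 0-9 kept, a-f mapped to 0-5) and the result added (sign +1) to or subtracted (sign -1) from
// the PIN digit by digit modulo 10, so the page's "sum or difference" stays a same-length PIN.
func offsetPIN(ck Key, pan, pin string, sign int) (string, error) {
	if !digits(pan) || len(pan) < 16 || !digits(pin) || len(pin) < 4 || len(pin) > 12 {
		return "", fmt.Errorf("need a numeric PAN of 16+ digits and a 4 to 12 digit PIN")
	}
	in, _ := hex.DecodeString(pan[len(pan)-16:]) // decimal digits are valid hex, so this cannot fail
	var enc [8]byte
	tdes(ck).Encrypt(enc[:], in)
	num := hex.EncodeToString(enc[:])
	out := make([]byte, len(pin))
	for i := range out {
		d := strings.IndexByte("0123456789abcdef", num[i]) % 10 // decimalise one hex digit
		out[i] = byte((int(pin[i]-'0')+sign*d+10)%10) + '0'
	}
	return string(out), nil
}

// GenerateECPIN makes the Electronic-Commerce PIN from the ATM PIN; ConvertToATMPIN reverses it.
func GenerateECPIN(ck Key, pan, atmPIN string) (string, error) { return offsetPIN(ck, pan, atmPIN, 1) }
func ConvertToATMPIN(ck Key, pan, ecPIN string) (string, error) { return offsetPIN(ck, pan, ecPIN, -1) }

// EncryptPIN carries a PIN in one block under a zone PIN key: length byte, ASCII digits, 0xFF padding
// (a simplification; real networks use an ISO 9564 format-0 block that also mixes in the PAN).
func EncryptPIN(zone Key, pin string) ([8]byte, error) {
	var blk [8]byte
	if !digits(pin) || len(pin) < 4 || len(pin) > 7 {
		return blk, fmt.Errorf("PIN must be 4 to 7 digits for this block layout")
	}
	blk[0] = byte(len(pin))
	copy(blk[1:], pin)
	for i := 1 + len(pin); i < 8; i++ {
		blk[i] = 0xFF
	}
	tdes(zone).Encrypt(blk[:], blk[:])
	return blk, nil
}

// DecryptPIN reverses EncryptPIN and rejects anything that does not parse, e.g. a wrong zone key.
func DecryptPIN(zone Key, enc [8]byte) (string, error) {
	var blk [8]byte
	tdes(zone).Decrypt(blk[:], enc[:])
	n := int(blk[0])
	if n < 4 || n > 7 || !digits(string(blk[1:1+n])) || bytes.Count(blk[1+n:], []byte{0xFF}) != 7-n {
		return "", fmt.Errorf("malformed PIN block (wrong zone key?)")
	}
	return string(blk[1 : 1+n]), nil
}

// TranslatePIN is the host-security-module step at the MDS or a Member Interface Processor: the
// Electronic-Commerce PIN arrives under the acquirer zone key, is converted to the ATM PIN and leaves
// under the issuer zone key. The cleartext ATM PIN exists only inside this function, and a wrong
// Electronic-Commerce PIN simply becomes a wrong ATM PIN for the issuer's normal verification to reject.
func TranslatePIN(acqZone, issZone, ck Key, pan string, encEC [8]byte) ([8]byte, error) {
	ecPIN, err := DecryptPIN(acqZone, encEC)
	if err != nil {
		return [8]byte{}, err
	}
	atmPIN, err := ConvertToATMPIN(ck, pan, ecPIN)
	if err != nil {
		return [8]byte{}, err
	}
	return EncryptPIN(issZone, atmPIN)
}

func main() {
	// Constructed sample keys and card data; real keys are generated and held inside HSMs.
	ck := Key{0x0b, 0x1c, 0x2d, 0x3e, 0x4f, 0x50, 0x61, 0x72, 0x83, 0x94, 0xa5, 0xb6, 0xc7, 0xd8, 0xe9, 0xfa}
	acq := Key{0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 0x90, 0xa0, 0xb0, 0xc0, 0xd0, 0xe0, 0xf0, 0x01}
	iss := Key{0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	pan, atmPIN := "5412345678901234", "4711"
	ecPIN, _ := GenerateECPIN(ck, pan, atmPIN)
	encEC, _ := EncryptPIN(acq, ecPIN)                  // submitted by the e-commerce client
	encATM, _ := TranslatePIN(acq, iss, ck, pan, encEC) // forwarded by the switch to the issuer
	got, _ := DecryptPIN(iss, encATM)                   // the issuer's existing PIN verification
	fmt.Println("EC PIN", ecPIN, "converts to the ATM PIN on file:", got == atmPIN)
}
```

Because the offset is applied digit by digit, an attacker who learns the Electronic-Commerce PIN learns nothing about the ATM PIN without the Conversion Key, and a one-digit error in the submitted PIN produces a one-digit error in the ATM PIN the issuer checks; the issuer's existing retry counter then applies unchanged. In the Member Interface Processor case the same TranslatePIN is used, with the Conversion Key selected from those pre-loaded for the member's BINs instead of being derived on the spot.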
It will be appreciated by those skilled in the art that the methods of
Although the present invention has been described in connection with specific exemplary embodiments, it should be understood that various changes, substitutions and alterations can be made to the disclosed embodiments without departing from the spirit and scope of the invention as set forth in the appended claims.
Inventors: Wankmueller, John; Campbell, Carl
Cited by
Patent | Priority | Assignee | Title
10108959 | Mar 15 2011 | Capital One Services, LLC | Systems and methods for performing ATM fund transfer using active authentication
10453062 | Mar 15 2011 | Capital One Services, LLC | Systems and methods for performing person-to-person transactions using active authentication
11042877 | Mar 15 2011 | Capital One Services, LLC | Systems and methods for performing ATM fund transfer using active authentication
11836724 | Mar 15 2011 | Capital One Services, LLC | Systems and methods for performing ATM fund transfer using active authentication
7934640 | Jun 21 2005 | Greenwald Industries, Incorporated | Method, system, and computer program product for implementing pin-based data transfer activities
8543828 | Dec 06 2010 | AT&T Intellectual Property I, L.P. | Authenticating a user with hash-based PIN generation
8635159 | Mar 26 2010 | Bank of America Corporation | Self-service terminal limited access personal identification number (“PIN”)
8645222 | Mar 20 2009 | JPMORGAN CHASE BANK, N.A. | System and methods for mobile ordering and payment
9230259 | Mar 20 2009 | JPMORGAN CHASE BANK, N.A. | Systems and methods for mobile ordering and payment
9324076 | Jun 02 2006 | First Data Corporation | PIN creation system and method
9846866 | Feb 22 2007 | First Data Corporation | Processing of financial transactions using debit networks
9886706 | Mar 20 2009 | JPMORGAN CHASE BANK, N.A. | Systems and methods for mobile ordering and payment
Patent citations
Patent | Priority | Assignee | Title
4214230 | Jan 19 1978 | ICL Systems Aktiebolag | Personal identification system
4223403 | Jun 30 1978 | International Business Machines Corporation | Cryptographic architecture for use with a high security personal identification system
4997288 | Dec 09 1988 | EXCHANGE SYSTEM LIMITED PARTNERSHIP, THE | Power supply arrangement for fault-tolerant operation in a microcomputer-based encryption system
5175766 | Dec 09 1988 | The Exchange System Limited Partnership | Signalling scheme for controlling data encryption device in an electronic fund transaction processing system
5265162 | Jan 16 1990 | | Portable pin card
5724423 | Sep 18 1995 | Telefonaktiebolaget LM Ericsson | Method and apparatus for user authentication
5731575 | Oct 26 1994 | | Computerized system for discreet identification of duress transaction and/or duress access
5877482 | Dec 09 1994 | | Security system for EFT using magnetic strip cards
6049785 | Dec 16 1993 | Soverain IP, LLC | Open network payment system for providing for authentication of payment orders based on a confirmation electronic mail message
6163771 | Aug 28 1997 | PayPal, Inc | Method and device for generating a single-use financial account number
6308887 | Dec 02 1997 | CASH TECHNOLOGIES INC | Multi-transactional architecture
6484260 | Apr 24 1998 | BANK OF AMERICA, N.A. | Personal identification system
6575372 | Feb 21 1997 | Multos Limited | Secure multi-application IC card system having selective loading and deleting capability
20010023415 | | |
20020152180 | | |
20030053609 | | |
20040020982 | | |
Executed on | Assignee | Conveyance
Sep 17 1999 | MasterCard International Incorporated | (assignment on the face of the patent)
Date | Maintenance Fee Events |
Mar 11 2013 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Jun 08 2017 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Aug 09 2021 | REM: Maintenance Fee Reminder Mailed. |
Jan 24 2022 | EXP: Patent Expired for Failure to Pay Maintenance Fees. |
Date | Maintenance Schedule |
Dec 22 2012 | 4 years fee payment window open |
Jun 22 2013 | 6 months grace period start (w surcharge) |
Dec 22 2013 | patent expiry (for year 4) |
Dec 22 2015 | 2 years to revive unintentionally abandoned end. (for year 4) |
Dec 22 2016 | 8 years fee payment window open |
Jun 22 2017 | 6 months grace period start (w surcharge) |
Dec 22 2017 | patent expiry (for year 8) |
Dec 22 2019 | 2 years to revive unintentionally abandoned end. (for year 8) |
Dec 22 2020 | 12 years fee payment window open |
Jun 22 2021 | 6 months grace period start (w surcharge) |
Dec 22 2021 | patent expiry (for year 12) |
Dec 22 2023 | 2 years to revive unintentionally abandoned end. (for year 12) |